Issue when trying to login after update to Neos 2.0.6 (Access denied for method indexAction)

tkoch · January 13, 2016, 10:45am

I’m having trouble to login to the Neos backend, after updating from Neos 2.0.4 (PHP 5.6) to Neos 2.0.6 (PHP 7.0).

I get a 403 response, PolicyEnforcementAspect.php reports access denied for method indexAction. User in question (admin) has roles TYPO3.Neos:Editor and TYPO3.Neos:Administrator. I’m certain that the user exists (if I don’t provide the correct credentials, I’m redirected to the login page).

Uncaught exception #1222268609 in line 63 of /var/www/neos/Data/Temporary/Production/Cache/C
ode/Flow_Object_Classes/TYPO3_Flow_Security_Aspect_PolicyEnforcementAspect.php: Access denie
d for method
Method: TYPO3\Neos\Controller\Backend\BackendController::indexAction()
Evaluated following 2 privilege target(s):
"TYPO3.Neos:AllControllerActions": ABSTAIN
"TYPO3.Neos:Backend.GeneralAccess": ABSTAIN
(0 granted, 0 denied, 2 abstained)
Authenticated roles: TYPO3.Flow:Everybody, TYPO3.Flow:AuthenticatedUser

My temporary workaround is to downgrade to Neos 2.0.4 (PHP 5.6), but I’d like to keep things up to date.

Any hints?

aertmann · January 13, 2016, 12:53pm

Do you have any custom ACL policies? If so could you share them?

There was someone else with a similar problem, turned out he was defining superRoles of a role from another package.

tkoch · January 13, 2016, 1:47pm

No custom ACL policies. At least none I’m aware of. How to check?

aertmann · January 15, 2016, 12:12pm

Look for Policy.yaml files in your custom packages

tkoch · January 17, 2016, 7:14pm

Thanks for taking a look into this.

No custom Policy.yaml.

$ find . -iname "Policy.yaml"
./Packages/Application/TYPO3.Media/Configuration/Policy.yaml
./Packages/Application/TYPO3.Neos/Configuration/Policy.yaml
./Packages/Application/TYPO3.Neos/Configuration/Testing/Policy.yaml
./Packages/Application/TYPO3.Setup/Configuration/Policy.yaml
./Packages/Application/TYPO3.TYPO3CR/Configuration/Policy.yaml
./Packages/Framework/TYPO3.Flow/Configuration/Policy.yaml
./Packages/Framework/TYPO3.Flow/Configuration/Testing/Policy.yaml
./Packages/Framework/TYPO3.Flow/Tests/Unit/Security/Fixture/Roles/Foo.Package1/Policy.yaml
./Packages/Framework/TYPO3.Flow/Tests/Unit/Security/Fixture/Roles/Package2/Policy.yaml
./Packages/Framework/TYPO3.Flow/Tests/Unit/Security/Fixture/Roles/Policy.yaml

tkoch · January 17, 2016, 7:16pm

Appears to be fixed in Neos 2.0.7. Is this a known issue? I couldn’t find any related remarks in the CHANGELOG.

aertmann · January 18, 2016, 2:06pm

That’s confusing to me as well, neither the Flow or Neos log mentions anything related to that. Anyway glad it works.